5 matches found
CVE-2022-23546
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue...
CVE-2022-23546
creationtimestamp| type| source ---|---|--- 2023-01-05 22:19:20+00:00| seen| https://t.me/cibsecurity/56007 2025-03-10 21:39:27+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/7070...
CVE-2022-23546 Discourse vulnerable to private topic leak via email#send_digest
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue...
CVE-2022-23546
Discourse 2.9.0.beta14 contains an information disclosure vulnerability where maliciously embedded URLs can leak an admin’s digest of recent topics. The issue stems from how topic digests are assembled for emails/digests, leading to leakage of private information to unintended recipients. A patch...
CVE-2022-23546 Discourse vulnerable to private topic leak via email#send_digest
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue...